Truecrypt shutdown – 5 questions that must be asked

If you visit www.truecrypt.org you see this text below. If you install the software, you see it quite a couple of times.

The domain www.truecrypt.org  is only redirecting now to www.truecrypt.sourceforge.net.

truecrypt-warning

There are many articles written on this topic, especially on “WHY?”.

WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

This page exists only to help migrate existing data encrypted by TrueCrypt.

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.

And when you try to download it:

Download:

WARNING: Using TrueCrypt is not secure

You should download TrueCrypt only if you are migrating data encrypted by TrueCrypt.

TrueCrypt 7.2sigkey

If you use TrueCrypt on other platform than Windows, click here.

So, you can still use it.

And it works as expected, only that you will get from time to time some warnings.

So far, so good…

 

But the biggest question is WHY did they shut down the project?

Most important, why now?

 

But let’s start with the beginning.

1. Who are “they” ?

We don’t know. The authors of the software are unknown.

 

2. Why?

Can it be that NSA or somebody else, identified the devs and requested them to insert some backdoor or to provide somehow the keys (which are generated unique for each user) to some government agency?

Speculations… especially because it is not know who the developers are. But maybe NSA knows…

This has happened before with Lavabit. But, here is a bit different because there is no “master key” or something similar. Just the possibility to create backdoors.

 

3. Not secure?

What does it have to do with Windows XP? Yes, there is no “native” encryption on XP, but… come on…  The recent code audit  (phase 1) showed a few issues, but nothing critical and no “created” bugs. Just coding bugs. So, no conspiracy theory… just plain programming errors in very complex code.

 

4. Was the operation sponsored by Microsoft?

The obvious advertisement on the website recommends Microsoft’s BitLocker as the replacement for Truecrypt on Windows. There are other alternatives….It is true though, that none of them is free of charge.

 

5. Is this the end of encryption? 

No, it looks like that the community is gathering some money to fund the project and continue it.

As the closure of Lavabit showed, only after it was shut down many others have started to create alternatives to it. So, it can be that the same will happen with Truecrypt. It is true that you can’t compare encryption with email service, but still… it is possible.

 

Conclusion:

It appears that for some unknown reasons, the unknown developers of Truecrypt have given up the work and abandoned the project. I hope that somebody will take it from there and make it better.

 

 

 


© Copyright 2014 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

Check www.mustaca.com for the IT Consulting services I offer.
Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie http://de.itsecuritynews.info für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since year 2000 in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is an independent IT Security Consultant focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close